Security Risk Assessment for your Lexington, Kentucky Business
A Security Risk Assessment (SRA) reviews and evaluates your business’s technology and cybersecurity safeguards. The assessment involves identifying the risks in your company and verifying that you have the right procedures to safeguard against security threats. It will usually cover all security aspects of a company, from IT to Operations to HR and Accounting.
Security risk assessments are typically required by a business’s compliance standards. For example, the Federal Deposit Insurance Corporation (FDIC) requires banks to meet information technology security standards, including regular audits. The Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) recommends risk assessments and security best practices for investment advisers, brokers, and exchanges. A security risk assessment can go by many names: a simple risk assessment, an IT infrastructure risk assessment, a security risk audit, or a security audit.
A security risk assessment is performed by a security assessor, who evaluates all aspects of your company’s systems to identify areas of risk. A security risk assessment has several components, each customized to the business and its compliance requirements. The assessment process reviews and tests both your systems and your employees, looking for weaknesses. As weaknesses are found, they are ranked by the size of the risk they pose to the company. An assessment’s deliverables include narratives of the penetration tests, covering identified vulnerabilities and exploited systems, an executive summary report with conclusions and recommendations, and a detailed work plan for remediation.
A security risk assessment can cover any of the following systems and elements:
Infrastructure
- Backup power, UPS and generator capacity
- Facility cooling capacity and redundancy
- Server wiring and cabling
- Server rack infrastructure
Servers & Systems
- Server inventory, including detected operating systems
- Server vulnerability reports
- Server resource utilization
- Server backup processes
- Redundancy / high availability configuration
- Anti-virus/anti-malware systems
- IT asset inventory processes
- Server update processes
- Identity and authentication systems
Network
- Complete network discovery mapping
- Discovered network inventory list
- Internal network device vulnerability scan
- External network device vulnerability scan
- Firewall vulnerability scan
- IDS/IPS review
- Spam filtering review
- Web filter device review
- Data loss prevention systems review
Application Scanning
- Discovery of all internal web applications
- Discovery of all external web applications
- Application vulnerability assessment
- Application server vulnerability scanning
Information Security
- Sensitive data inventory
- Data classification
- Data risk analysis
- Data encryption review
- Access authorization procedures and access controls
Policies
- Comprehensive IT policy review
- Disaster recovery plan review
- Business continuity plan review
- Device and media control policy review
- Security incident procedure review
- Log monitoring process review
- Workforce security policy review
- Workforce “hire and fire” policy review
- Risk management process review
To get started with your company’s security risk assessment or for pricing information, contact 46Solutions for a quick discussion with a security consultant.
CONTACT US Today for a FREE Consultation!
Eric Del Valle is the business development manager for 46Solutions. He studied computer information systems (CIS) at the University of Louisville and brings a decade of technology sales experience to the company. He enjoys Florida football, craft beer, and spending time with his wife and two children.